{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36222", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:41.802Z", "datePublished": "2025-09-11T20:44:06.696Z", "dateUpdated": "2025-09-11T20:44:06.696Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:storage_fusion:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_fusion:2.10.1:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Fusion", "vendor": "IBM", "versions": [{"lessThanOrEqual": "2.10.1", "status": "affected", "version": "2.2.0", "versionType": "semver"}]}, {"cpes": ["cpe:2.3:a:ibm:storage_fusion_hci:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_fusion_hci:2.10.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Fusion HCI", "vendor": "IBM", "versions": [{"lessThanOrEqual": "2.10.0", "status": "affected", "version": "2.2.0", "versionType": "semver"}]}, {"cpes": ["cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.10.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Fusion HCI for watsonx", "vendor": "IBM", "versions": [{"lessThanOrEqual": "2.10.0", "status": "affected", "version": "2.8.2", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Robert Hotchkiss"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions."}], "value": "IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-11T20:44:06.696Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7244646"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM strongly recommends addressing the vulnerability now.</p><div><table><tbody><tr><td><strong>Products</strong></td><td><strong>Version range </strong></td><td><strong>Remediation Instructions</strong></td></tr><tr><td>IBM Fusion</td><td>2.2.0 - 2.10.1</td><td>Upgrade to IBM Fusion 2.11.0. See the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242341\">README</a>&nbsp;for instructions..</td></tr><tr><td>IBM Fusion HCI</td><td>2.2.0 - 2.10.0</td><td>Upgrade to IBM Fusion HCI 2.11.0. See the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242340\">README</a>&nbsp;for instructions.</td></tr><tr><td>IBM Fusion HCI for watsonx</td><td>2.8.2 - 2.10.0</td><td>Upgrade to IBM Fusion HCI for watsonx 2.11.0. See <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242340\">README</a>&nbsp;for instructions.</td></tr></tbody></table></div>\n\n<br>"}], "value": "IBM strongly recommends addressing the vulnerability now.\n\nProductsVersion range Remediation InstructionsIBM Fusion2.2.0 - 2.10.1Upgrade to IBM Fusion 2.11.0. See the README https://www.ibm.com/support/pages/node/7242341 \u00a0for instructions..IBM Fusion HCI2.2.0 - 2.10.0Upgrade to IBM Fusion HCI 2.11.0. See the README https://www.ibm.com/support/pages/node/7242340 \u00a0for instructions.IBM Fusion HCI for watsonx2.8.2 - 2.10.0Upgrade to IBM Fusion HCI for watsonx 2.11.0. See README https://www.ibm.com/support/pages/node/7242340 \u00a0for instructions."}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Fusion insecure default configuration", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions."}], "id": "CVE-2025-36222", "lastModified": "2025-09-11T21:15:34.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.8, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-09-11T21:15:34.350", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7244646"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{}